Technology Partners & Stack - PCA Technology Inc.

01 :: technology partners (active)

Active technology partners.

every partner listed is under an active agreement. no logo-wall-only relationships. each card includes why PCA picked this vendor.

Microsoft

// microsoft partner

M365 Business suite · Microsoft Defender · Intune MDM · Azure AD / Entra ID · SharePoint Online

the standard for SMB productivity, compliance, and identity. every PCA managed client runs M365. 130+ tenants since 2017.

// since: 2017verify partner →

Pax8

// cloud distribution partner

cloud marketplace distribution · M365 licensing · SentinelOne · Proofpoint · 100+ vendor catalog

PCA's primary licensing and distribution layer. VICTOR triggers license provisioning through the Pax8 API on new client onboarding — that's what makes the flat-rate model operationally viable.

// since: 2022pax8.com →

SentinelOne

// MSP partner

endpoint detection and response (EDR) · all SENTINEL+ tier clients · automated threat isolation

the EDR platform PCA deploys for autonomous threat response. when VICTOR flags a suspicious process, SentinelOne isolates the endpoint in seconds. used in the Qilin ransomware containment.

// since: 2023verify partner →

Proofpoint Essentials

// email security partner

email threat protection · anti-phishing · spam filtering · URL defense · all managed tiers

deployed ahead of every M365 inbox. catches spear-phishing and BEC that Defender misses. phishing incidents dropped within 30 days on every client environment.

// since: 2022verify partner →

Ubiquiti UniFi

// UniFi Pro integrator

enterprise LAN/WAN · Wi-Fi access points · SD-WAN · network design + deployment + management

PCA's default for business networking. solid networking without the Cisco/Meraki licensing bill. the 3-city manufacturer deployment ran on a unified UniFi stack managed from a single pane.

// since: 2019ui.com →

Proxmox VE

// virtualization

on-premise virtualization · VM migration · hypervisor management · zero-license-cost VMware alternative

after Broadcom repriced VMware, PCA migrated all self-hosted clients to Proxmox VE. 12 VMs, one Saturday, zero downtime. PCA's default hypervisor for on-premise compute.

// since: 2024proxmox.com →

Hikvision

// physical security

IP camera systems · NVR · physical security integration for multi-site clients

deployed where physical security is part of the managed environment scope. not a primary offering.

// since: 2020hikvision.com →

Tailscale

// mesh VPN

zero-config mesh VPN · secure remote access · site-to-site connectivity

replaced legacy VPN for distributed-team clients. zero-trust, no open inbound ports, works through NAT. PCA uses it for its own management access to client environments.

// since: 2023tailscale.com →

Cloudflare

// DNS + edge

DNS management · DDoS mitigation · zero-trust access (Cloudflare Access) · web application firewall

every PCA-managed domain runs DNS through Cloudflare. Cloudflare Access handles application-level access control without a VPN.

// since: 2021cloudflare.com →

Datto (BCDR option)

// backup + DR (select clients)

business continuity + disaster recovery · image-based backup · instant virtualization

for clients where M365 backup is insufficient: on-premise servers, critical databases, or RTOs under 4 hours. not universal — deployed where the risk profile requires it.

// since: 2022datto.com →

03 :: vendors PCA refuses to recommend (and why)

What PCA won't sell.

factual, non-libelous, based on direct experience with the products in real SMB environments.

[X]
GoDaddy hosting and email (SMB-targeted SKUs). historically shipped with poor security defaults, weak spam filtering, and offshore helpdesk without technical depth. M365 + Cloudflare delivers materially better security posture at a comparable price point. PCA has migrated multiple clients off GoDaddy email; the security gaps surfaced in every case.
[X]
Consumer-grade antivirus retail SKUs (Norton, McAfee retail, Avast retail). designed for home users, marketed to businesses. do not provide EDR, centralized management, or automated threat isolation. 10 endpoints with Norton is 10 independently-managed instances with no coordinated response capability.
[X]
Consumer-grade routers for business networks (ASUS, Netgear Nighthawk retail, TP-Link retail). not designed for the security, visibility, or stability requirements of a business network. lack centralized management, inconsistent firmware update cadences, and cannot be monitored remotely.
[X]
Legacy on-premise Exchange (Exchange 2016 and older in active use). known-vulnerable mail server requiring dedicated patching, backup infrastructure, and hardware refreshes. the migration path to M365 Exchange Online is mature. PCA will assist with the migration; it will not support on-premise Exchange as a steady-state environment.
[X]
Per-incident break-fix agreements sold as "managed IT". a monthly retainer for helpdesk queue access is not managed IT. PCA's managed services are active: VICTOR monitors continuously, patches automatically, and flags anomalies before the client notices.

04 :: how PCA picks vendors

Vendor selection criteria.

the actual decision process PCA uses when evaluating new vendors.

// framework note any vendor PCA adds to the stack passes all five criteria before client deployment.

would daniel put this on his own infrastructure? if the answer is no, it doesn't go on client infrastructure. PCA runs its own operations on the same stack it sells.
does it reduce manual labor without introducing opacity? vendors that hide telemetry, require opaque agents, or create management blind spots fail this criterion regardless of feature list.
is the pricing model sustainable at flat-rate? per-seat licensing that grows with client headcount breaks the flat-rate model. PCA prefers per-device, per-tenant, or flat-rate licensing.
does the vendor have a real MSP support channel? vendors that treat MSPs like direct customers — no partner portal, no dedicated support queue, no advance notice of breaking changes — create operational risk.
has it survived a real incident? preference is always given to vendors tested in a real incident environment. SentinelOne's position is partly justified by its role in the Qilin ransomware containment. vendors evaluated only in low-stakes environments get a probation period before client rollout.

partners + stack.

Active technology partners.

Houston network.

What PCA won't sell.

Vendor selection criteria.

Referral partnership.

CPAs, attorneys, business consultants, and web agencies.

questions about the stack?